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For  the  DOD’s  strategy  of 
information  superiority  to  remain 
viable,  the  Department  requires: 

-  Trusted,  Affordable,  Timely  Supply 
of  Integrated  Circuits  (ICs) 

-  A  continued  stream  of  exponential 
improvements  in  the  processing 
capacity  of  microchips  and  new 
approaches  to  extracting  military 
value  from  information. 

Technical  Aspects  of  Trusted 
Circuits: 

-  Design 

-  1C  Fabrication 

-  1C  Packaging 


Technical  and  Structural 
Vulnerabilities 


•  A  small  number  of  special  circuit  1C  components  are  essential  for  the 
nation's  defense.  Many  have  no  commercial  demand: 

-  Radiation  hardening,  high  power  microwave,  mm-wave  and  sensors. 

•  Global  economic  pressures  are  driving  1C  design  and  manufacturing  to 
foreign  soil  and  out  of  US  control  to  ensure  trust  and  availability: 

-  Taiwan,  PRC,  Singapore,  Korea  and  Japan 

-  Cost  for  building  300mm  wafer,  65nm  chip  fabrication  plant  is  now  approaching 
$3B. 

-  In  addition  to  trust,  the  country  faces  a  potential  “Reverse-ITAR”  restriction 
environment  for  future  supply 

•  Dedicated  facilities  (NSA,  Sandia,  Honeywell,  etc.)  cannot  provide  the 
performance,  variety  and  volume  of  DOD  needs. 

•  This  creates  significant  future  vulnerability  for  critical  systems: 

-  Trust  cannot  be  added  to  circuits  after  fabrication 

-  Reverse  engineering  cannot  be  relied  upon  to  detect  undesired  1C  alterations. 

•  “Trusted  Foundry  Program”  provide  interim  measure  for  trusted  high 
performance  IC’s  -  “take  or  pay”  basis 


3 


What  is  the  Nature  of  the 
Adversary? 


•  It  is  assumed  that  the  adversary  is  a 
nation/state  with  modern  semiconductor 
capability  that  has  the: 

-  Motivation 

-  Opportunity 

-  Talent 

-  Manpower 

-  Time  /  Patience 

to  do  significant  harm  to  the  USA 


•  Although  TRUST  is  not  synonymous  with  RadHard,  affordable,  low 
volume  and  fast  cycle  time,  many  customers  for  trusted  parts  also 
desire  these  other  attributes 


Affordable 


Ftadi-lard 


Low  Volume 


A 


rest  Cycle 


TRUST 


Trustworthy  computing  (with  software)  cannot  exist 
until  we  have  trustworthy  hardware  to  build  it  on 


TRUST 

Commercial  Efforts 


Automobiles  (GM) 

Smart  Cards/Smart  Keys  (Samsung,  Infineon) 
Integrated  Circuits  -  (INTEL) 

Cell  Phones  -  (Motorola) 

Set  Top  Boxes  -  (Motorola) 

Secure  Blue  -  (IBM) 

Commercial  Reverse  Engineering  -  (Chipworks, 
Semiconductor  Insights,  CPU  Tech) 

The  government  can  benefit  from  commercial  practices 
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Level  of  Control  of  1C  Supply  Process 


UNTRUSTED 
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DARPA  Hard  Problems 


•  How  do  you  trust  the  design  cycle  to  faithfully  generate  only 
the  microelectronics  desired? 

•  How  do  you  trust  microelectronics  chips  when  they  are 
manufactured  in  a  non-trusted  facility,  such  that  they  will 
faithfully  perform  only  the  function  they  are  designed  for? 

•  How  do  you  trust  that  the  testing  on  the  microelectronic  chips 
will  faithfully  determine  that  the  chip  will  operate  only  as 
designed,  (no  more  -  no  less) 

•  How  do  you  know  that  the  packaging  of  the  chip  does  not 
introduce  features  into  or  misidentify  the  chip? 

•  How  do  you  determine  that  the  packaged  chip  has  not  been 
tampered  with  after  installation,  and  how  do  you 
communicate  the  fact  of  tampering? 
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Areas  of  Interest 


*  CASE1 :  Given  an  1C  corresponding  to  a  known  design,  does 
the  1C  that  is  delivered  do  what  it  is  supposed  to  do  and 
nothing  more?  This  is  the  case  when  the  Fabrication  facility  is 
not  trusted  but  the  design  process  is.  The  problem  is  to 
determine  whether  the  1C  hardware  received  has  been  modified 
in  order  to  determine  that  the  fabrication  can  be  trusted. 

*  CASE2:  Given  a  specification  and  an  1C  design  is  the  design 
true  to  the  specification?  In  this  case  one  assessing  the  trust 
of  the  design  software  and  synthesis  tools.  The  design  itself 
must  be  validated. 

*  CASE3:  Given  a  re-configurable  1C,  does  the  configurable 
data  (bit  stream)  in  the  device  accurately  represent  what  was 
intended  by  the  specification,  design  and  VHDL  synthesis? 
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Standard  1C  with  Extra  Circuits 
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Example  Circuit  1  -  Trigger  Always  On 
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Example  Circuit  2  -  Event  Triggered  Condition 


10 


Metrics  Challenge 


Oth 


63rd  Bit  * 
61st  Bit 


64  Bit  Adder 

-  256  gates 

-  2048  transistors 

-  2  transistors  mis-designed 
to  cause  arithmetic  errors 
in  the  61st  bit  of  the  adder 


Adder 

region 


1 ,000  transistors 


Adder 

region 


106  total 
transistors 


I-  Good 
Transistor 

!■  Trojan 
Transistor 


How  Does  One  Quantify  the  Performance  of  Alternative  Approaches 
to  Detect  Additions,  Deletions,  and  Modifications  to  the  Desired  Design  ? 
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P n/P FA  Metrics  Considerations 
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Example  1  -  Tests  Performed  at  the  Transistor  Level 
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Test  at  Transistor  Level  -  “rogue” 
transistors  detected 

PD  =  1/2  =  50.0% 

PFA  =  4/1 06  =  4*1  O'6 


Example  2  -  Tests  Performed  at  the  Functional  Level 
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Test  at  Functional  Level  -  “2048 
transistor  adder  does  not  function 
properly  “ 

PD  =  2/2  =100.0% 

PFA  =  (2048-2)/106  =  2.046*1  O’3 
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Key  Technical  Challenges 


Key  technical  challenges  for  TRUST  in  ICs  include: 


-  Destructive  reverse  engineering  of  an  1C  in  a  cost  and  time 
efficient  manor. 

-  Determining  if  all  the  chips  on  a  single  wafer  are  identical. 

-  Determining  the  effectiveness  of  a  non-destructive  reverse 
engineering  techniques. 

-  Sensitivity  and  effectiveness  of  software  techniques  to 
prevent  and/or  detect  the  insertion  of  malicious  circuits 
during  the  design  cycle. 

-  Determining  the  independence  of  various  transistor  Pd 
measurements. 

-  Relating  transistor  level  Pd/Pfa  metrics  to  1C  level  Pd/Pfa 
metrics. 
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Further  Interests 


Other  areas  of  personal  interest  beyond  TRUST  in  ICs: 

-  Device  technologies  that  extend  beyond  Moore’s  Law. 

-  Device  technologies  which  allow  effective  circuit  level 
learning  to  take  place. 

-  Devices  based  on  entangled  quantum  effects  such  as  matter 
waves,  quantum  computing  and  quantum  key  distribution 

-  Circuit  functions  which  adapt  to  the  environment. 

-  Complex  Microsystems  which  marry  advanced  architectures 
to  unique  devices. 

-  Recruiting  high  quality  Program  Managers  for  MTO 
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